U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom

WinRAR flaw CVE-2025-8088, fixed in v7.13, was exploited as a zero-day in phishing attacks to install RomCom malware. The WinRAR flaw CVE-2025-8088, a directory traversal bug fixed in version 7.13, was exploited as a zero-day in phishing attacks to deliver RomCom malware, Bleeping Computer first reported. The flaw is a path traversal vulnerability affecting the […]

Winrar

WinRAR flaw CVE-2025-8088, fixed in v7.13, was exploited as a zero-day in phishing attacks to install RomCom malware.

The WinRAR flaw CVE-2025-8088, a directory traversal bug fixed in version 7.13, was exploited as a zero-day in phishing attacks to deliver RomCom malware, Bleeping Computer first reported.

The flaw is a path traversal vulnerability affecting the Windows version of WinRAR. Attackers can exploit the vulnerability to execute arbitrary code by crafting malicious archive files. Researchers Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET disclosed the flaw.

Attackers can craft archives that place executables in Windows Startup folders, causing them to run at login and enabling remote code execution

ESET researchers told Bleeping Computer that threat actors actively exploited the vulnerability in spear-phishing attacks to deliver RomCom backdoors.

“ESET has observed spearphishing emails with attachments containing RAR files,” Strýček told BleepingComputer.

These archives exploited the CVE-2025-8088 to deliver RomCom backdoors. The threat actor behind RomCom (aka UAT-5647Storm-0978Tropical Scorpius, UAC-0180, UNC2596) is suspected to be a Russia-linked cyberespionage group.

RomCom has previously carried out ransomware and data-theft extortion attacks. At the end of 2024, RomCom exploited two Firefox and Tor Browser zero-day vulnerabilities in attacks on users across Europe and North America.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, RomCom)